By now most business owners worth their salt have heard about the new GDPR. The really savvy ones might have even started putting measures in place to get ready for it. Sadly, most of the businesses who fell into that last category are the ‘big businesses’. You know, the ones who have infinite resources and entire departments dedicated to compliance and regulation. But that leaves the smaller businesses somewhat flustered and unsure of what to do. So today, I’m here to answer some basic GDPR questions and give you a few tips for getting your IT systems ready for the big switch.

What Is GDPR?

But first, what is this big bad acronym that has business owners rushing around like ants? GDPR stands for General Data Protection Regulation, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose to implement or not, and how), this is a regulation. This means it will apply to all EU countries in exactly the same way. It also reaches outside of the EU to any organisation that handles EU citizens’ data, regardless of where in the world it is located. The regulation is actually already in place – we are partway through a transition period that allows businesses to get their house in order before the regulation comes into effect on 25 May 2018.

The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory breach notifications, new rules around user consent, a clearer definition of what counts as personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance. And before you ask, yes, UK businesses will still have to comply even if Brexit goes ahead. Not only will we still be handling EU citizens’ data (and therefore be subject to GDPR), but the government has also confirmed that it will be passing GDPR into UK law if we do leave.

Getting Ready

Now the good news is that most SMEs in the UK aren’t going to be at too much risk unless they deal with lots of financial data. However, that doesn’t mean you should ignore it completely – you still have to be compliant. To help you along, we’ve put together a few tips that will help you get your IT systems GDPR ready.

1. Get Knowledgeable – The first step to preparation is understanding what is expected of you. So do some reading around the specifics of GDPR and note down everything that applies to you. There are also a ton of checklists like this one that help you build up a picture of where you are now, so you know where to go next.

2. Check Your Storage – GDPR is all about the acquisition, use, storage and destruction of personal data, so you need to know how you are storing all of your data. If your system is weak or very complex, you will need to upgrade it.

3. Encrypt Your Data – To keep it away from prying eyes, you should be encrypting your data. This doesn’t just mean while it’s sitting on your servers, but while it’s in motion too. Data encryption ensures that even if there is a breach in your system, no data is at risk, because it can’t be read without the decryption key.
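To make the "can’t be read without the key" point concrete, here is an added example (written for this article, not code from All Your Computers) of encrypting a customer record at rest with AES-256-GCM, an authenticated cipher from Go’s standard library. The key from `NewKey` stands in for one held in a key-management service or HSM; the record and the `customers/1042` label are constructed sample values. `Open` refuses to return anything if the key is wrong, the stored bytes were altered, or the ciphertext was copied onto a different record, which is what you want from encryption at rest after a breach. Encryption in motion is a separate job (TLS on every connection) and is not shown here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeySize is the AES-256 key length in bytes.
const KeySize = 32

// NewKey generates a random AES-256 key. In production the key lives in a
// key-management service or HSM, never on the same disk as the data it protects
// (assumption for this example: a freshly generated key stands in for that).
func NewKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != KeySize {
		return nil, errors.New("key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM and returns nonce||ciphertext||tag.
// aad (here a record identifier) is authenticated but not encrypted, so a blob
// cannot be silently swapped onto another record. A fresh random nonce is used
// per call; under one key, rotate before the nonce space could repeat.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. It returns an error, never garbage plaintext, when the
// key is wrong, the blob was modified, or the aad does not match.
func Open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], aad)
}

func main() {
	key, _ := NewKey()
	record := []byte("customer 1042: jane.doe@example.invalid") // constructed sample
	aad := []byte("customers/1042")                            // constructed record label

	blob, _ := Seal(key, record, aad)
	fmt.Printf("stored on disk: %x\n", blob)

	if got, err := Open(key, blob, aad); err == nil {
		fmt.Printf("with the right key: %s\n", got)
	}
	wrong, _ := NewKey()
	if _, err := Open(wrong, blob, aad); err != nil {
		fmt.Println("with a stolen copy but no key:", err)
	}
}
```

The practical lesson for a small business is that the strength of this scheme rests entirely on where the key is kept: a backup or disk image that holds the ciphertext and the key side by side gives an attacker both.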

4. Backup, Backup – Backup and restoration capabilities have never been more important than in the age of cyber terror. However, if you are using services like Google Drive and Dropbox to back up your business data, it might be time to move onto a more professionally managed solution that can ensure the security of your data.

5. Test Your Systems – Above all, test the security of your systems now, and not after you’ve had a breach. That would be like installing a burglar alarm after they’ve already nicked all your stuff. So be pre-emptive and try to find those weak spots now, before you become a target. If you don’t feel comfortable pen testing yourself, there are loads of experts out there who would be happy to help you.

At All Your Computers, we’re already in full swing helping clients get their business ready for GDPR. While we might not be able to do swish pen testing for you, we can provide expert advice on backups, security and hosting, as well as providing an outsourced service that will keep you safe and compliant with GDPR (for those bits anyway). For more information, get in touch with us today.